Cisco’s Newest Network Security Product Is the Entire Network

Using the term “network-as-a-sensor,” Cisco is pitching an approach to network security that relies on the whole network rather than on individual products.

Cisco didn’t invent the term; rather, it claims to be adding enhancements that allow the network to better serve as that sensor. Monday’s basket of security announcements, launched at Cisco Live in San Diego, did include some new equipment. But the larger point was that established network tools can be used in new, integrated ways to improve security.

“We haven’t created yet another piece. We’ve just embedded security into our customers’ infrastructure,” said Inbar Lasser-Raab, vice president of enterprise solutions, during a Monday press conference at Cisco Live.

It’s an approach prompted by the rise of mobile devices, wearables, and the Internet of Things. The number of attack vectors is increasing. Security needs to be applied everywhere, and “the one thing that is everywhere is the network,” she said.

Cisco’s stance is not surprising. Security itself is no longer one function, but a collection of related functions spread throughout the network. That’s leading to radical approaches; for instance, startup Illumio has a networkwide security architecture that’s actually oblivious to the network.

More crucially for Cisco, the company’s sales strategy is now based on architectures rather than pieces of equipment. The network-as-a-sensor concept would feed that strategy.

Mashup: NetFlow, ISE, and StealthWatch

At the heart of the network-as-a-sensor is the correlation between Cisco’s NetFlow and Identity Services Engine (ISE). Both tools have existed for a while, but both have their limitations; NetFlow shows you all conversations on the network, providing no context, while ISE can only tell you who was on the network and on what device. Combining the two is analogous to having a call record with caller ID information attached, Lasser-Raab said.

Cisco is integrating those pieces with Lancope StealthWatch, which monitors the network and, in conjunction with ISE, can help it better identify anomalous behavior.

Cisco is also touting the ability of the network to be a security enforcer, using policy and SDN to contain attackers who get through the defenses. This has been a strong theme for VMware, which found network security — based on this kind of containment — to be a popular use case for the NSX network virtualization platform.

Security and FirePower

Other security pieces being announced at Cisco Live include:

A hosted identity service. Cisco will operate ISE for you, using it to determine how users can access the network and what rights they’re granted. Cisco is pitching the service as a way to move security to an operations model as opposed to an equipment-based model.

The Firepower 9300, a new piece of service-provider equipment based on the Sourcefire acquisition. It’s a carrier-grade, modular chassis meant to be packed with compute blades (specifics weren’t immediately available). It’s also open, in the sense that Cisco will let third-party software run on the platform.

Craig Matsumoto is managing editor at SDxCentral.com, responsible for the site's content and for covering news. He is a "veteran" of the SDN scene, having started covering it way back in 2010, and his background in technology journalism goes back to 1994. Craig is based in Silicon Valley. He can be reached at craig@sdxcentral.com.
